Octo

Audited by ClawScan on May 16, 2026.

Overview

Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions, system-prompt-override, base64-block); human review is required before treating this skill as clean.

Install only if you trust the publisher/package source. Protect the bot token stored in OpenClaw configuration, restrict who can message the bot, and require explicit approval before allowing install/update/uninstall or other sensitive actions through the agent. ClawScan detected prompt-injection indicators (ignore-previous-instructions, system-prompt-override, base64-block), so this skill requires review even though the model response was benign.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running these commands gives the package the ability to modify OpenClaw plugin/config state.

Why it was flagged

The skill documents npm-based setup and administrative commands that can install, update, uninstall, or change plugin configuration.

Skill content
npx -y openclaw-channel-octo install ... npx -y openclaw-channel-octo uninstall
Recommendation

Run setup or admin commands only when you intend to, and avoid letting an agent invoke install/update/uninstall actions without explicit approval.

What this means

Anyone who can read the config file may be able to control or impersonate the configured Octo bot.

Why it was flagged

The plugin requires and persists a bot token in the user's OpenClaw configuration.

Skill content
"botToken": "bf_your_token_here" ... Bot accounts are stored in `~/.openclaw/openclaw.json`
Recommendation

Protect ~/.openclaw/openclaw.json, use least-privilege bot credentials where possible, and rotate the bot token if it is exposed.

What this means

People who can message the bot may send content that is processed by the agent, and group-chat content may enter the agent context.

Why it was flagged

The plugin creates a live external message channel into the OpenClaw agent.

Skill content
Connects to WebSocket for real-time message receiving ... Dispatches incoming messages to OpenClaw's message handler
Recommendation

Limit who can contact the bot, consider enabling requireMention for groups, and require confirmation before the agent performs sensitive actions based on chat messages.

What this means

The bot can continue listening and reconnecting until the account is removed, the plugin is uninstalled, or the bot token is invalidated.

Why it was flagged

The channel is designed to keep a persistent connection alive after setup.

Skill content
Auto-reconnects on disconnection
Recommendation

Remove unused accounts or uninstall the plugin when you no longer want Octo messages reaching OpenClaw.